Results 1 to 7 of 7
  1. #1
    Join Date
    Apr 2003

    Remove malicious image

    I have some files uploaded by ftp to the server, the intruder has included this tag at the end of index files

    <img heigth="1" width="1" border="0" src="">

    How can I remove the tag from the server, and how can identify how the intruder has obtained the password to upload the files?

    The customer computer has not viruses or trojans.
    Servicios hosting en Colombia
    Marketing Digital Internet con Resultados

  2. #2
    Join Date
    Apr 2003
    the number changes randomly in different files

    <img heigth="1" width="1" border="0" src="">
    Servicios hosting en Colombia
    Marketing Digital Internet con Resultados

  3. #3
    Join Date
    Jul 2007
    You can never say the customer has no virus or trojan. I am sure the customer must have scanned the computer using the existing antivirus which will never detect the virus, if it could the virus would not affect the computer at first place. Ask him to grab another antivirus and scan the whole system. Such issues are normally caused due to gumblar virus which steals the ftp credentials and passes on to the hackers who then infect pages using special scripts or software.
    Prashant T.

    Don't run after Success. Run after Excellence and Success will soon follow.

  4. #4
    Join Date
    Nov 2004
    To remove the tags, edit the files, or restore backups.

    To find out how they were infected, check the ftp messages in the logfile /var/log/messages - eg:

    grep infectedaccount /var/log/messages | grep ftp | less

  5. #5
    Join Date
    Mar 2011
    You can correct this by editing your php.ini file open remote URLs.

    Also, depending on how these files are uploaded, you can screen for malicious code and valid image formats through PHP.

  6. #6

    Please post results - so we can all learn

    Hi there;
    I'm hoping you fixed the problem.
    Please post your sesults even if you didn't get your desired response or if you ended up having a cognition and fixing it yourself- because that the whole point right? to grow as a community.

  7. #7
    Join Date
    Feb 2010
    There are only a couple ways your website can be hacked this way.
    I'm assuming hostgator is not running you on a non-suPHP server, so I won't go there.

    That said, the two means would be:
    1. Stolen password (through your computer, email, not secured connection when you were at the coffee shop uploading files, etc).

    2. Compromisable script on your website, such as a hackable plugin you might have installed in oscommerce, wordpress, joomla, etc., or even an older version of these apps which are easily hacked.

    That said, you should have a professional run through your website to identify any malware or back-door scripts that might remain. Finding and removing the obvious hacks is rarely all that's required.

    In the hundred or so websites I've cleared in the past year, most were people who had been hacked months before, and the previous guy only removed the iframes or embedded HTML, leaving the actual hacks (back-door scripts) in place. is a great free tool to check your pages.
    And is indispensable once you understand how it works.

    Best Wishes,
    Jim Walker
    The Hack Repair Guy

Similar Threads

  1. Replies: 2
    Last Post: 03-11-2011, 03:39 AM
  2. iScanner: Detect and Remove Malicious Codes from Web Pages
    By sasky in forum Hosting Security and Technology
    Replies: 1
    Last Post: 08-21-2010, 05:41 PM
  3. Remove underline from image hover
    By nWo Sting in forum Web Design and Content
    Replies: 13
    Last Post: 05-13-2010, 06:21 AM
  4. Remove border around image on Explorer
    By hostyourdream in forum Web Design and Content
    Replies: 4
    Last Post: 03-20-2010, 01:54 PM
  5. remove empty folders and remove from a db
    By NWSTech in forum Hosting Security and Technology
    Replies: 0
    Last Post: 07-22-2009, 03:18 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts